keycloak-aplcache
Changes
authz/client/src/main/java/org/keycloak/authorization/client/representation/AuthorizationRequestMetadata.java 4(+3 -1)
authz/client/src/main/java/org/keycloak/authorization/client/resource/EntitlementResource.java 6(+5 -1)
Details
diff --git a/authz/client/src/main/java/org/keycloak/authorization/client/representation/AuthorizationRequestMetadata.java b/authz/client/src/main/java/org/keycloak/authorization/client/representation/AuthorizationRequestMetadata.java
index 0dfd416..175d081 100644
--- a/authz/client/src/main/java/org/keycloak/authorization/client/representation/AuthorizationRequestMetadata.java
+++ b/authz/client/src/main/java/org/keycloak/authorization/client/representation/AuthorizationRequestMetadata.java
@@ -23,7 +23,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
*/
public class AuthorizationRequestMetadata {
- @JsonProperty("include_resource_name")
+ public static final String INCLUDE_RESOURCE_NAME = "include_resource_name";
+
+ @JsonProperty(INCLUDE_RESOURCE_NAME)
private boolean includeResourceName;
public boolean isIncludeResourceName() {
diff --git a/authz/client/src/main/java/org/keycloak/authorization/client/resource/EntitlementResource.java b/authz/client/src/main/java/org/keycloak/authorization/client/resource/EntitlementResource.java
index e81a34f..d0dc2cf 100644
--- a/authz/client/src/main/java/org/keycloak/authorization/client/resource/EntitlementResource.java
+++ b/authz/client/src/main/java/org/keycloak/authorization/client/resource/EntitlementResource.java
@@ -41,7 +41,11 @@ public class EntitlementResource {
.authorizationBearer(this.eat);
if (metadata != null) {
- method.param("include_resource_name", String.valueOf(metadata.isIncludeResourceName()));
+ StringBuilder params = new StringBuilder();
+
+ params.append(AuthorizationRequestMetadata.INCLUDE_RESOURCE_NAME).append("=").append(metadata.isIncludeResourceName());
+
+ method.param("metadata", params.toString());
}
return method.response().json(EntitlementResponse.class).execute();
diff --git a/services/src/main/java/org/keycloak/authorization/authorization/representation/AuthorizationRequestMetadata.java b/services/src/main/java/org/keycloak/authorization/authorization/representation/AuthorizationRequestMetadata.java
index 92df744..77aa1d5 100644
--- a/services/src/main/java/org/keycloak/authorization/authorization/representation/AuthorizationRequestMetadata.java
+++ b/services/src/main/java/org/keycloak/authorization/authorization/representation/AuthorizationRequestMetadata.java
@@ -16,16 +16,31 @@
*/
package org.keycloak.authorization.authorization.representation;
+import java.util.Map;
+
import com.fasterxml.jackson.annotation.JsonProperty;
+import com.sun.org.apache.xpath.internal.operations.Bool;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class AuthorizationRequestMetadata {
- @JsonProperty("include_resource_name")
+ public static final String INCLUDE_RESOURCE_NAME = "include_resource_name";
+
+ @JsonProperty(INCLUDE_RESOURCE_NAME)
private boolean includeResourceName;
+ public AuthorizationRequestMetadata() {
+ this(null);
+ }
+
+ public AuthorizationRequestMetadata(Map<String, String> claims) {
+ if (claims != null) {
+ includeResourceName = Boolean.valueOf(claims.getOrDefault(INCLUDE_RESOURCE_NAME, "true")).booleanValue();
+ }
+ }
+
public boolean isIncludeResourceName() {
return includeResourceName;
}
diff --git a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
index 013cb88..a37269d 100644
--- a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
+++ b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
@@ -102,7 +102,7 @@ public class EntitlementService {
@GET()
@Produces("application/json")
@Consumes("application/json")
- public Response getAll(@PathParam("resource_server_id") String resourceServerId, @QueryParam("include_resource_name") Boolean includeResourceName) {
+ public Response getAll(@PathParam("resource_server_id") String resourceServerId, @QueryParam("metadata") String metadataParam) {
KeycloakIdentity identity = new KeycloakIdentity(this.authorization.getKeycloakSession());
if (resourceServerId == null) {
@@ -123,16 +123,7 @@ public class EntitlementService {
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.FORBIDDEN);
}
- AuthorizationRequestMetadata metadata;
-
- if (includeResourceName != null) {
- metadata = new AuthorizationRequestMetadata();
- metadata.setIncludeResourceName(includeResourceName);
- } else {
- metadata = null;
- }
-
- return evaluate(metadata, Permissions.all(resourceServer, identity, authorization), identity, resourceServer);
+ return evaluate(getMetadata(metadataParam), Permissions.all(resourceServer, identity, authorization), identity, resourceServer);
}
@Path("{resource_server_id}")
@@ -306,4 +297,27 @@ public class EntitlementService {
}
}).collect(Collectors.toList());
}
+
+ private AuthorizationRequestMetadata getMetadata(@QueryParam("metadata") String metadataParam) {
+ AuthorizationRequestMetadata metadata;
+
+ if (metadataParam != null) {
+ Map<String, String> claims = new HashMap<>();
+
+ for (String claim : metadataParam.split(",")) {
+ String[] values = claim.split("=");
+
+ if (values.length < 2) {
+ throw new ErrorResponseException("invalid_metadata", "Invalid metadata", Status.BAD_REQUEST);
+ }
+
+ claims.put(values[0], values[1]);
+ }
+
+ metadata = new AuthorizationRequestMetadata(claims);
+ } else {
+ metadata = null;
+ }
+ return metadata;
+ }
}